CLAIMS 

1. A method for customizing a set (S) of
several second security units (EI), comprising secure
downloading of an application key (TA) from a first
security unit (AS) of a central processing unit to said
set of second security units (EI), said first unit and
second units each comprising at least one memory (M),
characterized in that it comprises the steps of:

for each second unit (EI) in said set (S),

- on each downloading, computing an operation
key (Tl) in the first unit (AS) based on information
specific to the second unit (EI), a transport key (T),
and a diversification algorithm (ALG01), said transport
key (T) residing within the memory (M) of the first
security unit (AS), said memory (M) being non-volatile,

- encrypting the application key (TA) in the
first unit (AS) based on information comprising said
operation key (Tl) and an encryption algorithm (ALG02),
said application key (TA) residing in said memory (M),

- sending data (DATA) comprising the
encrypted application key (TA) to the second unit (EI),

- on each downloading, computing an operation
key (Tl) in the second unit (EI) based on information
specific to the second unit (EI), the transport key (T)
and the diversification algorithm (ALG01), the same
transport key (T) residing in the non-volatile memory
(M) of each second security unit (EI) of said set (S),
said operation key (Tl) not being stored within the
memory (M) of said second unit,

- decrypting the encrypted application key
(TA) in the second unit (EI) based on information
comprising said operation key (Tl) and a decryption
algorithm (ALG02P) which is the inverse of the
encryption algorithm (ALG02).




2. A method according to claim 1,
characterized in that it further comprises an additional
step of:

- sending information specific to the second
unit (EI) to the first unit (AS) before computing the
application key (Tl) in the first unit (AS).

3. A method according to claims 1 or 2,
characterized in that it further comprises an additional
step of:

- sending a random number provided by the
second unit (EI) to the first unit (AS), before
encrypting the application key (TA) in the first unit
(AS).

4. A method according to any of the preceding
claims, characterized in that it further comprises an
additional step of:

- sending information pertaining to an
application key (TA) to the first unit (AS), before
encrypting the application key (TA) within said unit
(AS).

5. A method according to claim 4,
characterized in that it further comprises an additional
step of:

- choosing the application key (TA) to be
encrypted based on said information.

6. A method according to any of the preceding
claims, characterized in that said encryption of an
application key (TA) intended for a second unit (EI) is
unique.

7. A method according to any of the preceding
claims, characterized in that it further comprises an
additional step of:

- verifying integrity of the data (DATA)
including the encrypted application key (TA).



8. A method according to any of the preceding
claims, characterized in that it further comprises an
additional step of:

- sending information pertaining to an
application key (TA) to the second unit (EI), before
decrypting the encrypted application key (TA) within
said unit (EI) of said set (S).



9. A method according to any of the preceding
claims, characterized in that it further comprises an
additional step of:

- storing within the second unit (EI), after
decrypting the encrypted application key (TA), said key
(TA) within said unit (EI).

10. A method according to claim 9,
characterized in that storing of the application key
(TA) within the second unit (EI) is done based on
information pertaining to an application key (TA).

11. A method according to any of the
preceding claims, characterized in that it further
comprises an additional step of:

- verifying that the application key (TA) is
authentic.

12. A method according to any of the
preceding claims, characterized in that the first
security unit (AS) is a smart card.



13. A method according to any of the
preceding claims, characterized in that the non-volatile
memory (M) is a rewritable memory.



14. A method according to any of the
preceding claims, characterized in that a second unit
(EI) comprises several application keys (TA).



15. A method according to any of the
preceding claims, characterized in that the first unit
(AS) comprises several application keys (TA).

16. A method according to any of the
preceding claims, characterized in that it further
comprises an additional step of:

- after encrypting the application key (TA),
erasing the operation key (Tl) temporarily saved within
the second volatile memory of the first unit (AS).




17. A method according to any of the
preceding claims, characterized in that it further
comprises an additional step of:

- after decrypting the application key (TA),
erasing the operation key (A) temporarily saved within
a second volatile memory (M2) in the first unit (EI).

18. A method according to preceding claims 2
to 4, characterized in that it further comprises an
additional step of:

- sending the random information, information
(REF1) pertaining to an application key (TA) and
information (SN) specific to the second unit (EI) to the
first unit (AS) by means of a first single command
(EXPORTKEY).

19. A method according to preceding claims 1
and 2, characterized in that it further comprises the
additional steps of:

- sending the encrypted application key (TA)
and the information (REF2) pertaining to an application
key (TA) to the second unit (EI) by means of a single
second command (IMPORTKEY).
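
The exchange of claims 1, 3, 5, 7, 18 and 19, as an added example that is not part of the patent text: the first unit (AS) answers EXPORTKEY and the second unit (EI) handles IMPORTKEY. The claims do not specify ALG01 or ALG02, so HMAC-SHA256 stands in for both; the function names, the tag layout, the 16-byte random number and all sample values are assumptions.

```python
import hashlib
import hmac

# ALG01/ALG02 are not specified on the page; HMAC-SHA256 is a stand-in for both.
# Assumption: the random number from the second unit is always 16 bytes.

def _prf(key: bytes, label: bytes, msg: bytes = b"") -> bytes:
    return hmac.new(key, label + msg, hashlib.sha256).digest()

def diversify(t: bytes, sn: bytes) -> bytes:
    """ALG01 stand-in: operation key T1 from transport key T and unit data SN."""
    return _prf(t, b"div", sn)

def _xor_stream(t1: bytes, rnd: bytes, data: bytes) -> bytes:
    """ALG02 stand-in: XOR with an HMAC counter keystream bound to EI's random."""
    stream = b"".join(_prf(t1, b"enc", rnd + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(t1: bytes, rnd: bytes, ref: bytes, ct: bytes) -> bytes:
    # Integrity value over everything the second unit relies on (claim 7).
    return _prf(_prf(t1, b"mac"), len(ref).to_bytes(2, "big") + ref, rnd + ct)

def export_key(t, app_keys, sn, rnd, ref) -> bytes:
    """First unit (AS), EXPORTKEY: returns DATA = ciphertext || tag."""
    t1 = diversify(t, sn)                     # recomputed on each download
    ct = _xor_stream(t1, rnd, app_keys[ref])  # TA chosen from the reference (claim 5)
    return ct + _tag(t1, rnd, ref, ct)

def import_key(t, sn, rnd, ref, data) -> bytes:
    """Second unit (EI), IMPORTKEY: check integrity, then decrypt TA."""
    t1 = diversify(t, sn)                     # derived locally, never stored
    ct, tag = data[:-32], data[-32:]
    if not hmac.compare_digest(tag, _tag(t1, rnd, ref, ct)):
        raise ValueError("DATA rejected: integrity check failed")
    return _xor_stream(t1, rnd, ct)

# Constructed sample values, for illustration only.
T = bytes(range(32))
APP_KEYS = {b"REF-A": bytes.fromhex("00112233445566778899aabbccddeeff")}
```

Because T1 depends on the unit-specific information and the keystream on the unit's random number, DATA captured for one unit or one download is rejected by any other unit and on replay, even though every unit in the set holds the same transport key.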




